Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Change port MySQL server..

  • 03-02-2009 8:18am
    #1
    Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭


    Hey,

    I've just lost the best part of two of my life that I will never get back :mad:

    I was fiddling around with wamp server trying to change the default port for MySQL from 3306..

    Anytime I change My.ini port to something other than 3306
    And also change the clients connection string to the other port everything breaks..firewall is set ok, but its even a local problem(can't connect to mysql from command line)

    I usually use the instance configuration wizard but with wampserver the install i different and it can't find my-template.cnf (does anybody know where this is?)

    It's not the end of the world but on my real server the port is different which means if I can't change the dev server port I will have to edit code when putting apps live..

    Thanks for any advice..


Comments

  • Closed Accounts Posts: 2,349 ✭✭✭nobodythere


    To start with the simplest of things, you did take the "#" out of the port=3306 line yes?

    Also: http://bitnami.org/forums/forums/10/topics/724


  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    The line wasn't commented in the first place..

    I find this pretty odd because all works well when it's at 3306 but when I change it to something else it stops working, meaning i'm editing the correct field by the new port isn't working.

    My firewall is set to allow the new port through.

    Is there actually a need to change the port for security reasons? I was just thinking this would make things more secure, will it?? Am I just foolnig around here?!


  • Closed Accounts Posts: 2,349 ✭✭✭nobodythere


    The port shouldn't be open to the outside world as passwords can be bruteforced then. No need to change the number though


  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    That makes sense when using it for web applications when the webserver local too but what about when I make a Java program to connect to the DB, I just have the mysql port forwarded on my router..is this bad? What other ways can I do it?


  • Closed Accounts Posts: 2,349 ✭✭✭nobodythere


    Do you mean setting up port forwarding so you can access it from outside your local network? You can access it from within the local network without port forwarding.

    The reason they tell you to change the port is that there is a possibility of someone trying to bruteforce your user/pass or exploit vulnerabilities in MySQL. If your MySQL is reasonably up to date, you don't have the root account enabled and your password isn't something dumb like '12345' you have nothing to worry about ;) It's good experience learning to secure it anyway.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    Yes I mean to be able to access it from the internet.

    So let me get this straight, keep mysql up to date and disable root account to keep more secure?

    Thats interesting because I use root for everything..! Should I just drop root and create another user with all priveleges, the same as the root and just use that instead?

    Whats to stop the hacker from getting a list of users (there won't be many on my server) and trying them..? Is there a way to limit the number of password attempts in one hour? like queries per hour?

    Would you recommend changing the port number or not? Does it not add a another layer of security?

    EDIT: Should I allow my phpmyadmin site be accessed from the internet or just the local machine or lan? I noticed it was restricted to local computer on WAMPserver

    I seem to be asking a lot of newbie questions here regarding security, i'm going to go google some guides now. Any links would be appreciated, thanks.


  • Registered Users, Registered Users 2 Posts: 26,584 ✭✭✭✭Creamy Goodness


    It's good practice to use root account be it for mysql or a unix user account to do root only activities ie. Add/delete user. In mysql - or any db really - it's good to have a new user for every application you create and limit their access purely to the database connected to that application.

    Only allow your phpmyadmin login page be accessed from the web if you need it to be if you don't need to access it from outside the network then don't.


  • Registered Users, Registered Users 2 Posts: 2,236 ✭✭✭techguy


    It's good practice to use root account be it for mysql or a unix user account to do root only activities ie. Add/delete user. In mysql - or any db really - it's good to have a new user for every application you create and limit their access purely to the database connected to that application.

    Only allow your phpmyadmin login page be accessed from the web if you need it to be if you don't need to access it from outside the network then don't.

    I'm going to try and go along those lines so..thanks!


  • Closed Accounts Posts: 2,349 ✭✭✭nobodythere


    techguy wrote: »
    Yes I mean to be able to access it from the internet.

    So let me get this straight, keep mysql up to date and disable root account to keep more secure?

    I'd take a fair guess that if someone was going to try and brute-force your server they'd start with root/root root/admin root/12345 etc. A brute forcer is easy to cook up: http://www.securiteam.com/tools/5YP0H0A40O.html . You can enable phpMyAdmin if you want, though if you have the MySQL port open you can use a free client called MySQL-Front that may be more to your liking.

    Note that the MySQL server isn't accessed directly by the user, only by the PHP interpreter, so it doesn't need to be visible from outside for your website to work. Just in case that's what you were thinking.

    Thats interesting because I use root for everything..! Should I just drop root and create another user with all priveleges, the same as the root and just use that instead?

    Whats to stop the hacker from getting a list of users (there won't be many on my server) and trying them..? Is there a way to limit the number of password attempts in one hour? like queries per hour?

    Your application can be vulnerable to SQL injection attacks, get hacked as root and the damage is much worse, get hacked as a normal user and you're alright.

    AFAIK there's no easy way to get a list of users on the server if you're an attacker, unless perhaps you have an account on the server.

    Would you recommend changing the port number or not? Does it not add a another layer of security?

    In a way it may defend against bots scanning for vulnerable versions of MySQL. For a real user, a simple port scan with nmap will get your MySQL port anyway. Long story short: Very unlikely it will make a difference to your security

    http://www.securityfocus.com/infocus/1726
    http://www.devshed.com/c/a/MySQL/MySQL-Security-Overview/


Advertisement